How can I Trust Firefox redux

As I have been really interested in the security debate I was really saddened by the post from a member of the IE team, Peter Torr. I didn’t follow the whole Slashdot debate. If this is what the IE team worries about, IE will never ever get fixed. His whole point of view I would summarize this way: IE is more secure because IE provides a better trust model through signed code. His points about the trust model are accurate. I too have cursed under my breath each time I installed “supported extension” to mozilla that wasn’t signed. However, since the trust model has been in place for some time in IE my rebuttal is this.

The way hackers have exploited vulnerabilities in IE has not been helped by an stronger trust model.

The secure code initiatives solve the wrong problem or perhaps it’s that facing the security around signed code, hackers simply took another point of attack. Listening to the Kevin Mitnicks of the world, you quickly understand that the point of least resistance is the path most likely to be taken. So, IE puts up a defense against unsigned code? Get the user to click OK to something they deem trustworthy. If you can make it look exactly like the victims bank/employer/friend/whatever, it’s one step easier. In IE’s case the deeper problem is that activex controls have almost unlimited access to the underlying computer. Mozilla/Firefox extensions are for the most part just javascript with tighter access to the browser as I understand it. On linux platforms, the user typically will run in the browser under weak permissions by default, further limiting, but eliminating the damage that could be done by malicious code.

The end result is that while IE may attempt to look like a great white shining castle with numerous motes and gates, the hackers have quickly figured out how to search for the open ductwork and avoid the defenses entirely.


Comments are closed.